first commit

This commit is contained in:
Cory Hawkless 2020-07-30 17:36:21 +09:30
commit de1878ad73
11 changed files with 715 additions and 0 deletions

407
README.md Normal file

@ -0,0 +1,407 @@
Example server with loads of things going on
config_network_interfaces: true
enable_configured_interfaces_after_defining: false
network_interfaces:
- name: 'enp3s0f0'
configure: true
method: 'static'
address: '172.25.112.184'
#gateway: '172.25.112.1'
netmask: '255.255.254.0'
enable: true
- name: 'enp3s0f1'
configure: true
enable: false
method: 'manual'
- name: 'enp3s0f2'
configure: true
enable: false
method: 'manual'
- name: 'enp3s0f3'
configure: true
enable: false
method: 'manual'
- name: 'ens2f0'
comment: "Link to 40G Switch"
auto_bgp_interface: true
configure: true
method: 'static'
address: '{{host_loopback_IP}}'
netmask: '255.255.255.255'
enable: true
- name: 'ens2f1'
comment: "Link to 10G Switch"
configure: true
method: 'manual'
enable: true
- name: 'ens3f0'
comment: "Link to 40G Switch"
auto_bgp_interface: true
configure: true
method: 'static'
address: '{{host_loopback_IP}}'
netmask: '255.255.255.255'
enable: true
- name: 'ens3f1'
comment: "Link to 10G Switch"
configure: true
method: 'manual'
enable: true
dns_nameservers:
- '172.25.110.2'
- '172.20.0.2'
pri_domain_name: 'bfn.local'
host_loopback_IP: 172.25.4.31
host_ASN: 64653
Example network, no bond, docker frr
host_loopback_IP: 172.25.4.20
host_loopback_IP_v6: 2405:6680:8000:10::4:10
host_ASN: 64642
OOBNET_IP: 172.25.112.174
OOBNET_Netmask: 23
OOBNET_NIC: enp2s0f0
autobgp_interfaces:
- name: 'enp2s0f1'
force10G: True
mtu: 9000
- name: 'enp2s0f4'
force10G: True
mtu: 9000
Example configuration for Dell s6000-ON running Openswitch
host_loopback_IP: 172.25.9.3
host_loopback_IP_v6: 2000:3000:8000:10::9:3
host_ASN: 64661
OOBNET_IP: 172.25.112.196
OOBNET_Netmask: 23
network_interface_breakout_with_vlans:
- name: 'e101-002-1'
mtu: 9000
force10G: True
vlans:
- '1001'
- '1005'
- '1009'
- '1013'
- name: 'e101-002-2'
mtu: 9000
force10G: True
vlans:
- '1002'
- '1006'
- '1010'
- '1014'
- name: 'e101-002-3'
mtu: 9000
force10G: True
vlans:
- '1003'
- '1007'
- '1011'
- '1015'
- name: 'e101-002-4'
mtu: 9000
force10G: True
vlans:
- '1004'
- '1008'
- '1012'
- '1016'
- name: 'e101-003-1'
mtu: 9000
force10G: True
vlans:
- '1017'
- '1021'
- '1025'
- '1029'
- name: 'e101-003-2'
mtu: 9000
force10G: True
vlans:
- '1018'
- '1022'
- '1026'
- '1030'
- name: 'e101-003-3'
mtu: 9000
force10G: True
vlans:
- '1019'
- '1023'
- '1027'
- '1031'
- name: 'e101-003-4'
mtu: 9000
force10G: True
vlans:
- '1020'
- '1024'
- '1028'
- '1032'
- name: 'e101-004-1'
mtu: 9000
force10G: True
vlans:
- '1033'
- '1037'
- '1041'
- '1045'
- name: 'e101-004-2'
mtu: 9000
force10G: True
vlans:
- '1034'
- '1038'
- '1042'
- '1046'
- name: 'e101-004-3'
mtu: 9000
force10G: True
vlans:
- '1035'
- '1039'
- '1043'
- '1047'
- name: 'e101-004-4'
mtu: 9000
force10G: True
vlans:
- '1036'
- '1040'
- '1044'
- '1048'
- name: 'e101-005-1'
mtu: 9000
force10G: True
vlans:
- '1049'
- '1053'
- '1057'
- '1061'
- name: 'e101-005-2'
mtu: 9000
force10G: True
vlans:
- '1050'
- '1054'
- '1058'
- '1062'
- name: 'e101-005-3'
mtu: 9000
force10G: True
vlans:
- '1051'
- '1055'
- '1059'
- '1063'
- name: 'e101-005-4'
mtu: 9000
force10G: True
vlans:
- '1052'
- '1056'
- '1060'
- '1064'
- name: 'e101-006-1'
mtu: 9000
force10G: True
vlans:
- '1065'
- '1069'
- name: 'e101-006-2'
force10G: True
mtu: 9000
vlans:
- '1066'
- '1070'
- name: 'e101-006-3'
force10G: True
mtu: 9000
vlans:
- '1067'
- '1071'
- name: 'e101-006-4'
force10G: True
mtu: 9000
vlans:
- '1068'
- '1072'
autobgp_interfaces:
- name: 'e101-007-1'
mtu: 9000
force10G: True
- name: 'e101-007-2'
mtu: 9000
force10G: True
- name: 'e101-007-3'
mtu: 9000
force10G: True
- name: 'e101-007-4'
mtu: 9000
force10G: True
- name: 'e101-008-1'
mtu: 9000
force10G: True
- name: 'e101-008-2'
mtu: 9000
force10G: True
- name: 'e101-008-3'
mtu: 9000
force10G: True
- name: 'e101-008-4'
mtu: 9000
force10G: True
- name: 'e101-009-1'
mtu: 9000
force10G: True
- name: 'e101-009-2'
mtu: 9000
force10G: True
- name: 'e101-009-3'
mtu: 9000
force10G: True
- name: 'e101-009-4'
mtu: 9000
force10G: True
- name: 'e101-010-1'
mtu: 9000
force10G: True
- name: 'e101-010-2'
mtu: 9000
force10G: True
- name: 'e101-010-3'
mtu: 9000
force10G: True
- name: 'e101-010-4'
mtu: 9000
force10G: True
- name: 'e101-013-0'
mtu: 9000
- name: 'e101-014-0'
mtu: 9000
- name: 'e101-015-0'
mtu: 9000
- name: 'e101-016-0'
mtu: 9000
- name: 'e101-017-0'
mtu: 9000
- name: 'e101-019-0'
mtu: 9000
- name: 'e101-020-0'
mtu: 9000
- name: 'e101-021-0'
mtu: 9000
- name: 'e101-027-0'
mtu: 9000
auto40G: True
- name: 'e101-028-0'
mtu: 9000
auto40G: True
- name: 'e101-029-0'
mtu: 9000
auto40G: True
- name: 'e101-030-0'
mtu: 9000
auto40G: True
- name: 'e101-031-0'
mtu: 9000
auto40G: True
- name: 'e101-032-0'
mtu: 9000
auto40G: True
breakout_ports:
- name: 'e101-001-0'
- name: 'e101-002-0'
- name: 'e101-003-0'
- name: 'e101-004-0'
- name: 'e101-005-0'
- name: 'e101-006-0'
- name: 'e101-007-0'
- name: 'e101-008-0'
- name: 'e101-009-0'
- name: 'e101-010-0'
- name: 'e101-018-0'
- name: 'e101-026-0'
addressed_interfaces:
- name: 'e101-026-1'
mtu: 9000
ip_address: '10.251.251.21'
ip_netmask: '30'
force10G: True
- name: 'e101-018-1'
mtu: 9000
ip_address: '10.251.251.25'
ip_netmask: '30'
force10G: True
frr_other_peers:
- name: "Services Router"
ip: "10.251.251.22"
remote_ASN: "64700"

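--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+docker__edition: "ce"
+docker__apt_key_id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+docker__apt_key_server: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" # yamllint disable-line rule:line-length
+docker__channel: "stable"
+docker__version: "latest"
+docker__apt_repository: >
+deb [arch=amd64]
+https://download.docker.com/linux/{{ ansible_distribution|lower }}
+{{ ansible_distribution_release }} {{ docker__channel }}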
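Review bot: `docker__version: "latest"` leaves the Docker engine package unpinned, so each run of the role can install a different build even though the repository key is pinned by `docker__apt_key_id`; set it to an explicit package version, e.g. `docker__version: "<pinned-package-version>"` (placeholder), and bump it deliberately. None of the tasks in this commit reference the `docker__*` variables, so they look like defaults consumed by a separate Docker-install role; a one-line comment at the top naming that consumer would save the next reader a search. The folded `>` scalar for `docker__apt_repository` keeps a trailing newline, which is harmless for an apt sources line, but `>-` would make the intent explicit.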

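--- /dev/null
+++ b/files/bfdd.conf
@@ -0,0 +1 @@
+#Managed by asnible, do not configure manually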
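Review bot: The header comment misspells the tool; it should read `#Managed by ansible, do not configure manually`. The same line opens files/bgpd.conf and files/daemons in this commit, so fix all three together. A comment-only bgpd.conf/bfdd.conf is presumably here so the per-daemon file exists (the daemons file's header says a config file must be present for a daemon to start) while the real config lives in frr.conf under `service integrated-vtysh-config` — worth stating in the comment itself so nobody "fills in" these files by hand.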

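--- /dev/null
+++ b/files/bgpd.conf
@@ -0,0 +1 @@
+#Managed by asnible, do not configure manually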

80
files/daemons Normal file

@ -0,0 +1,80 @@
#Managed by asnible, do not configure manually
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/frr/examples/.
#
# ATTENTION:
#
# When activating a daemon for the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "frr", else
# the daemon will not be started by /etc/init.d/frr. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
#
# The watchfrr and zebra daemons are always started.
#
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
bfdd=yes
fabricd=no
vrrpd=no
#
# If this option is set the /etc/init.d/frr script automatically loads
# the config via "vtysh -b" when the servers are started.
# Check /etc/pam.d/frr if you intend to use "vtysh"!
#
vtysh_enable=yes
zebra_options=" -A 127.0.0.1 -s 90000000"
bgpd_options=" -A 127.0.0.1"
ospfd_options=" -A 127.0.0.1"
ospf6d_options=" -A ::1"
ripd_options=" -A 127.0.0.1"
ripngd_options=" -A ::1"
isisd_options=" -A 127.0.0.1"
pimd_options=" -A 127.0.0.1"
ldpd_options=" -A 127.0.0.1"
nhrpd_options=" -A 127.0.0.1"
eigrpd_options=" -A 127.0.0.1"
babeld_options=" -A 127.0.0.1"
sharpd_options=" -A 127.0.0.1"
pbrd_options=" -A 127.0.0.1"
staticd_options="-A 127.0.0.1"
bfdd_options=" -A 127.0.0.1"
fabricd_options="-A 127.0.0.1"
vrrpd_options=" -A 127.0.0.1"
# configuration profile
#
#frr_profile="traditional"
#frr_profile="datacenter"
#
# This is the maximum number of FD's that will be available.
# Upon startup this is read by the control files and ulimit
# is called. Uncomment and use a reasonable value for your
# setup if you are expecting a large number of peers in
# say BGP.
#MAX_FDS=1024
# The list of daemons to watch is automatically generated by the init script.
#watchfrr_options=""
# for debugging purposes, you can specify a "wrap" command to start instead
# of starting the daemon directly, e.g. to use valgrind on ospfd:
# ospfd_wrap="/usr/bin/valgrind"
# or you can use "all_wrap" for all daemons, e.g. to use perf record:
# all_wrap="/usr/bin/perf record --call-graph -"
# the normal daemon command is added to this at the end.

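--- /dev/null
+++ b/files/dockerfrr.sh
@@ -0,0 +1 @@
+docker exec -i -t frr /usr/bin/vtysh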
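Review bot: The script has no interpreter line, yet tasks/main.yml installs it executable as /usr/sbin/dockerfrr.sh, so running it depends on the calling shell falling back to `sh` after the kernel refuses to exec it. Add `#!/bin/sh` as the first line and make the body `exec docker exec -it frr /usr/bin/vtysh "$@"` so the shell is replaced by the docker client and any arguments given to the wrapper are passed through to vtysh unchanged.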

6
handlers/main.yml Normal file

@ -0,0 +1,6 @@
---
- name: restart frr-docker
action: service name=frr-docker enabled=yes state=restarted
- name: reload 99frr_defaults
action: shell /sbin/sysctl -p /etc/sysctl.d/99frr_defaults.conf
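Review bot: The `restart frr-docker` handler also sets `enabled=yes`, so a handler whose only job is to restart the unit silently changes its boot enablement as a side effect; enablement is already handled by the systemd task in tasks/main.yml, so the handler should be limited to `state: restarted`. Both handlers use the legacy `action: module key=value` string form while the tasks file mostly uses native YAML module arguments; the string form is harder to lint and quote and is better replaced by the native form. `reload 99frr_defaults` needs no shell features, so `command:` is the safer module than `shell:` for the sysctl invocation.
```yaml
- name: restart frr-docker
  systemd:
    name: frr-docker
    state: restarted

- name: reload 99frr_defaults
  command: /sbin/sysctl -p /etc/sysctl.d/99frr_defaults.conf
```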

52
tasks/main.yml Normal file

@ -0,0 +1,52 @@
- name: Configure 99_frr_defaults.conf
action: template src=templates/99frr_defaults.conf.j2 dest=/etc/sysctl.d/99frr_defaults.conf backup=yes
notify:
- reload 99frr_defaults
tags: frr-docker
- name: "Copy dockerfrr.sh shortcut script"
copy:
src: files/dockerfrr.sh
dest: /usr/sbin/dockerfrr.sh
mode: "+x"
- name: "Configure /etc/frr"
file:
path: "/etc/frr/"
state: directory
- name: "Copy daemons file"
copy:
src: daemons
dest: "/etc/frr/daemons"
- name: "Copy bgpd.conf file"
copy:
src: bgpd.conf
dest: "/etc/frr/bgpd.conf"
- name: "Copy bfdd.conf file"
copy:
src: bfdd.conf
dest: "/etc/frr/bfdd.conf"
- name: "Configure frr.conf"
action: template src=templates/frr.conf.j2 dest=/etc/frr/frr.conf backup=yes
notify:
- restart frr-docker
when: ignore_frrconf is not defined
tags: frr-docker,frrconf
- name: "Configure frr-docker.service"
action: template src=templates/frr-docker.service.j2 dest=/etc/systemd/system/frr-docker.service backup=yes
notify:
- restart frr-docker
tags: frr-docker
- name: "Reload systemctl then enable & start frr-docker service"
systemd:
state: started
enabled: True
daemon_reload: yes
name: frr-docker.service
tags: frr-docker
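Review bot: The copy tasks for daemons, bgpd.conf and bfdd.conf and the frr.conf template set no `owner`, `group` or `mode`, so the files land with whatever the controller-side mode and the target's umask produce, while the daemons file's own header says FRR expects them owned by frr with `u=rw,g=r,o=`. Add an explicit `mode: "0640"` to each of those tasks and an owner/group matching the uid the container runs FRR as — that uid comes from the image, not this repository, so confirm it before hard-coding names. The file also mixes the legacy `action: template src=... dest=...` string form with native YAML arguments and uses `enabled: True`, `daemon_reload: yes` and `mode: "+x"`; the rewrite below shows the first and last tasks in the native form with `true` booleans, and the script copy should get `mode: "0755"` for the same reason. The file also lacks the `---` document start that handlers/main.yml has.
```yaml
- name: Configure 99_frr_defaults.conf
  template:
    src: templates/99frr_defaults.conf.j2
    dest: /etc/sysctl.d/99frr_defaults.conf
    backup: true
  notify:
    - reload 99frr_defaults
  tags: frr-docker

# … unchanged: dockerfrr.sh copy, /etc/frr directory, daemons/bgpd.conf/bfdd.conf copies, frr.conf and frr-docker.service templates …

- name: "Reload systemctl then enable & start frr-docker service"
  systemd:
    name: frr-docker.service
    state: started
    enabled: true
    daemon_reload: true
  tags: frr-docker
```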


@ -0,0 +1,42 @@
# /etc/sysctl.d/99frr_defaults.conf
# Place this file at the location above and reload the device.
# or run the sysctl -p /etc/sysctl.d/99frr_defaults.conf
# Enables IPv4/IPv6 Routing
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding=1
# Routing
net.ipv6.route.max_size=131072
net.ipv4.conf.all.ignore_routes_with_linkdown=1
net.ipv6.conf.all.ignore_routes_with_linkdown=1
# Best Settings for Peering w/ BGP Unnumbered and OSPF Neighbors
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_notify = 1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.icmp_errors_use_inbound_ifaddr=1
# Miscellaneous Settings
# Keep ipv6 permanent addresses on an admin down
net.ipv6.conf.all.keep_addr_on_down=1
# igmp
net.ipv4.igmp_max_memberships=1000
net.ipv4.neigh.default.mcast_solicit = 10
# MLD
net.ipv6.mld_max_msf=512
# Garbage Collection Settings for ARP and Neighbors
net.ipv4.neigh.default.gc_thresh2=7168
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.base_reachable_time_ms=14400000
net.ipv6.neigh.default.gc_thresh2=3584
net.ipv6.neigh.default.gc_thresh3=4096
net.ipv6.neigh.default.base_reachable_time_ms=14400000
# Use neigh information on selection of nexthop for multipath hops
net.ipv4.fib_multipath_use_neigh=1
# Allows Apps to Work with VRF
net.ipv4.tcp_l3mdev_accept=1
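Review bot: `net.ipv4.conf.all.rp_filter = 0` together with `net.ipv4.conf.default.rp_filter = 0` switches reverse-path filtering off on every interface, including the out-of-band management NIC, not only on the fabric links where BGP unnumbered needs it. Because the kernel uses the larger of `conf/all` and the per-interface value, loose-mode filtering can be restored on the management interface with `net.ipv4.conf.{{ OOBNET_NIC }}.rp_filter = 2`; `OOBNET_NIC` is set in the README examples but not in this role's defaults, so wrap that line in `{% if OOBNET_NIC is defined %}`. `net.ipv4.conf.all.forwarding = 1` duplicates `net.ipv4.ip_forward = 1`, which is an alias for the same setting, so one of them can go. The file also alternates between `key = value` and `key=value` spacing; pick one for readability. This section's file header is not shown on the page; the task in tasks/main.yml templates it from templates/99frr_defaults.conf.j2.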


@ -0,0 +1,20 @@
[Unit]
Description=Cumulus Frr Container
After=docker.service network-online.target
Requires=docker.service
[Service]
Restart=always
TimeoutStartSec=0
#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
ExecStart=/bin/sh -c 'docker rm -f frr; \
docker pull registry.acs2.lan:5000/frrouting/frr; \
docker run -t --net=host --privileged --name frr -v /etc/frr/frr.conf:/etc/frr/frr.conf -v /etc/frr/daemons:/etc/frr/daemons -v /etc/frr/bgpd.conf:/etc/frr/bgpd.conf -v /etc/frr/bfdd.conf:/etc/frr/bfdd.conf -v /var/log/frr/frr.log:/var/log/frr/frr.log registry.acs2.lan:5000/frrouting/frr'
ExecStop=-/bin/sh -c '/usr/bin/docker stop frr; \
/usr/bin/docker rm -f frr'
[Install]
WantedBy=multi-user.target
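Review bot: The `ExecStart` line pulls and runs `registry.acs2.lan:5000/frrouting/frr` with no tag, so every service start fetches whatever the registry currently calls `latest` and the routing daemon version can change underneath a host on reboot; pin it as `registry.acs2.lan:5000/frrouting/frr:<pinned-tag-or-digest>` (placeholder) and drive upgrades from the role. `--privileged` grants the container every capability plus device access; FRR with `--net=host` needs `--cap-add NET_ADMIN --cap-add NET_RAW` and possibly `SYS_ADMIN` depending on the image, so try the narrower set and confirm against the image before keeping `--privileged`. `-v /var/log/frr/frr.log:/var/log/frr/frr.log` bind-mounts a file that nothing in this commit creates on the host; when it is absent Docker creates a directory at that path and the daemon's log open fails, so either have tasks/main.yml create the file or mount the `/var/log/frr` directory instead. `After=network-online.target` orders the unit but does not pull the target in; add `Wants=network-online.target`. `ExecStart` calls `docker` bare while `ExecStop` uses `/usr/bin/docker`; use the absolute path in both. This section's file header is not shown on the page; the task in tasks/main.yml templates it from templates/frr-docker.service.j2.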

96
templates/frr.conf.j2 Normal file

@ -0,0 +1,96 @@
frr defaults datacenter
hostname {{ansible_hostname}}
!
service integrated-vtysh-config
!
log syslog informational
!
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
{% for item in autobgp_interfaces %}
interface {{ item['name'] }}
ipv6 nd ra-interval 10
no ipv6 nd suppress-ra
!
{% endfor %}
{% endif %}
router bgp {{host_ASN}}
bgp router-id {{host_loopback_IP}}
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
neighbor fabric peer-group
neighbor fabric remote-as external
neighbor fabric description Internal Fabric Network
neighbor fabric capability extended-nexthop
{% endif %}
{% if addressed_interfaces is defined and addressed_interfaces != [] %}
{% for item in addressed_interfaces %}
{% if item['bgpPeerIP'] is defined %}
neighbor {{ item['bgpPeerIP'] }} remote-as {{ item['bgpPeerASN'] }}
{% endif %}
{% endfor %}
{% endif %}
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
{% for item in autobgp_interfaces %}
neighbor {{ item['name'] }} interface peer-group fabric
{% endfor %}
{% endif %}
{% if frr_other_peers is defined and frr_other_peers != [] %}
{% for item in frr_other_peers %}
neighbor {{ item['ip'] }} remote-as {{ item['remote_ASN'] }}
{% endfor %}
{% endif %}
!
address-family ipv4 unicast
network {{host_loopback_IP}}/32
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
neighbor fabric activate
neighbor fabric prefix-list AS{{host_ASN}}-OUT out
{% endif %}
{% if frr_other_peers is defined and frr_other_peers != [] %}
{% for item in frr_other_peers %}
neighbor {{ item['ip'] }} remote-as {{ item['remote_ASN'] }} prefix-list AS{{host_ASN}}-OUT out
{% endfor %}
{% endif %}
{% if addressed_interfaces is defined and addressed_interfaces != [] %}
{% for item in addressed_interfaces %}
{% if item['bgpPeerIP'] is defined %}
neighbor {{ item['bgpPeerIP'] }} prefix-list AS{{host_ASN}}-OUT out
{% endif %}
{% endfor %}
{% endif %}
exit-address-family
!
address-family ipv6 unicast
network {{host_loopback_IP_v6}}/128
{% if frr_other_peers is defined and frr_other_peers != [] %}
{% for item in frr_other_peers %}
neighbor {{ item['ip'] }} prefix-list AS{{host_ASN}}-OUT out
{% endfor %}
{% endif %}
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
neighbor fabric activate
neighbor fabric prefix-list AS{{host_ASN}}-OUT out
{% endif %}
{% if addressed_interfaces is defined and addressed_interfaces != [] %}
{% for item in addressed_interfaces %}
{% if item['bgpPeerIP'] is defined %}
neighbor {{ item['bgpPeerIP'] }} prefix-list AS{{host_ASN}}-OUT out
{% endif %}
{% endfor %}
{% endif %}
exit-address-family
!
address-family l2vpn evpn
neighbor fabric activate
advertise-all-vni
advertise-default-gw
exit-address-family
!
ip prefix-list AS{{host_ASN}}-OUT seq 5 permit {{host_loopback_IP}}/32
!
ipv6 prefix-list AS{{host_ASN}}-OUT seq 5 permit {{host_loopback_IP_v6}}/128
line vty
!
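Review bot: Inside `address-family ipv4 unicast`, the `frr_other_peers` loop emits `neighbor {{ item['ip'] }} remote-as {{ item['remote_ASN'] }} prefix-list AS{{host_ASN}}-OUT out`, which is not a valid address-family command — `remote-as` belongs at router level, where the earlier loop already sets it — so the line should read `neighbor {{ item['ip'] }} prefix-list AS{{host_ASN}}-OUT out`, exactly as the ipv6 family does. `address-family l2vpn evpn` activates `neighbor fabric` unconditionally, but the `fabric` peer-group is only defined when `autobgp_interfaces` is non-empty, so a host without fabric links renders a config that vtysh rejects; guard that stanza with the same `{% if %}`. `network {{host_loopback_IP_v6}}/128` and the `ipv6 prefix-list` line render as `/128` with no address when `host_loopback_IP_v6` is undefined (the first README example omits it), so wrap both in `{% if host_loopback_IP_v6 is defined %}`. Only outbound prefix-lists are applied, so every external peer can announce arbitrary prefixes into this router; an inbound prefix-list or route-map and `neighbor fabric maximum-prefix <limit>` (placeholder) on the peer-group would bound the damage from a misconfigured or compromised neighbour.
```jinja
 address-family ipv4 unicast
  ! … unchanged: network statement, fabric activate / prefix-list …
{% if frr_other_peers is defined and frr_other_peers != [] %}
{% for item in frr_other_peers %}
  neighbor {{ item['ip'] }} prefix-list AS{{host_ASN}}-OUT out
{% endfor %}
{% endif %}
  ! … unchanged: addressed_interfaces loop, exit-address-family …
 address-family ipv6 unicast
{% if host_loopback_IP_v6 is defined %}
  network {{host_loopback_IP_v6}}/128
{% endif %}
  ! … unchanged: ipv6 neighbor lines, exit-address-family …
{% if autobgp_interfaces is defined and autobgp_interfaces != [] %}
 address-family l2vpn evpn
  neighbor fabric activate
  advertise-all-vni
  advertise-default-gw
 exit-address-family
{% endif %}
```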